hxxps://sustainability[.]google/?utm_source=googlehpfooter&utm_medium=housepromos&utm_campaign=bottom-footer&utm_content=

Resubmissions

18/12/2024, 17:54

241218-wg1lpsxpdl 7

10/12/2024, 19:16

241210-xy39lazmgm 7

10/12/2024, 14:11

241210-rhjmcsxlgz 7

12/06/2024, 14:49

240612-r7fxrssgjk 8

Analysis

max time kernel
1561s
max time network
1568s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
12/06/2024, 14:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://sustainability.google/?utm_source=googlehpfooter&utm_medium=housepromos&utm_campaign=bottom-footer&utm_content=

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
1928	AssaultCube_v1.3.0.2_LockdownEdition.exe
2964	oalinst.exe
1680	ac_client.exe

Loads dropped DLL 16 IoCs

pid	Process
1928	AssaultCube_v1.3.0.2_LockdownEdition.exe
1928	AssaultCube_v1.3.0.2_LockdownEdition.exe
1928	AssaultCube_v1.3.0.2_LockdownEdition.exe
1928	AssaultCube_v1.3.0.2_LockdownEdition.exe
1928	AssaultCube_v1.3.0.2_LockdownEdition.exe
2964	oalinst.exe
2964	oalinst.exe
2964	oalinst.exe
2964	oalinst.exe
2964	oalinst.exe
2964	oalinst.exe
2964	oalinst.exe
2964	oalinst.exe
1680	ac_client.exe
1680	ac_client.exe
1680	ac_client.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\tmpCBC9.tmp	oalinst.exe
File created	C:\Windows\SysWOW64\OpenAL32.new	oalinst.exe
File created	C:\Windows\SysWOW64\wrap_oal.new	oalinst.exe
File created	C:\Windows\system32\OpenAL32.new	oalinst.exe
File created	C:\Windows\system32\wrap_oal.new	oalinst.exe
File opened for modification	C:\Windows\SysWOW64\tmpCBC8.tmp	oalinst.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\makke\ladder_15x\md3.cfg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\pickups\nades\nades.md3	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\cleaner\grates\grate_vert\md3.cfg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\audio\voicecom\sorry.ogg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\cleaner\shovels\shovel3\shovel3.md3	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\playermodels\md2.cfg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\playermodels\CLA\02_redvest.jpg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\docs\images\otheros.png	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\toca\doors\1\skin.png	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\sitters\ton\down\skin.jpg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\bot\waypoints\ac_depot.wpt	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\audio\voicecom\inposition_2.ogg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\makke\grass_short\md3.cfg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\makke\ladder_7x\md3.cfg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\toca\decals\manhole\1\skin.png	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\toca\signs\noentry\md3.cfg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\textures\makke\c_tile.jpg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\bin_win32\libjpeg-9.dll	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\textures\toca\frozenground1.jpg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\config\opt\faq.cfg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\makke\wall_spotlight\md3.cfg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\textures\golgotha\metal_bumps2.jpg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\textures\makke\rattrap\rb_concrete.jpg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\config\serverinfo_en.txt	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\toca\commrack2\skin.jpg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\toca\signs\explosives\md3.cfg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\textures\DigitalFlux\light_brown_dirt_02.jpg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\audio\ambience\t_hum03.ogg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\textures\arcitool\archibrick03.jpg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\audio\soundtracks\pingpong\Ping_Pong_-_Kamikadze.ogg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\textures\arcitool\n_f-natur2.jpg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\textures\skymaps\humus\powerlines_bk.jpg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\textures\skymaps\steini\steini2_bk.jpg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\mods\protox_hq_reskin.zip	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\maps\official\ac_werk.cgz	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\textures\makke\rattrap\rb_box_01.jpg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\bot\waypoints\ac_alcove.wpt	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\makke\plant_leafy_dry\skin.jpg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\toca\paintbucket\2\tris.md3	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\toca\stairs_aqueous\stairsacc\beam\tris.md3	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\playermodels\license.txt	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\audio\player\pain4.ogg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\cleaner\arab_lamps\arab_lamp_3\md3.cfg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\toca\servercluster\U3_3\U3.md3	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\pickups\ammobox\ammobox.md3	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\pickups\helmet\helmet.md3	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\audio\voicecom\yes.ogg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\toca\servercluster\U3_2\U3.md3	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\textures\skymaps\steini\steini3_lf.jpg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\makke\broken_wood\skin.jpg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\audio\vote\vote_call.ogg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\docs\css\fancytable.css	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\cleaner\hotel_sign\skin2.jpg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\makke\barrel\md3.cfg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\toca\platformmet\md3.cfg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\textures\golgotha\smallsteelbox.jpg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\textures\jamz\double_door_r.jpg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\misc\igraph\3.png	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\toca\tree1\tris.md3	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\toca\antenna\tris.md3	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\textures\skymaps\socksky\nightball_bk.jpg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\sunnyd\beerbottle\license.txt	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\audio\weapon\grenade_bounce1.ogg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\bot\waypoints\ac_desert2.wpt	AssaultCube_v1.3.0.2_LockdownEdition.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\cubers.net\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\assault.cubers.net\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\assault.cubers.net\ = "78"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\sustainability.google	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\sustainability.google\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\cubers.net\Total = "32"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\cubers.net\Total = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "18"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{125408C1-28CB-11EF-8156-CE03E2754020} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000e4149339e46604ced32aadf381569c086823a0e60da18cdb2f397e9fe5fadf6f000000000e80000000020000200000001847b833d46f516aee7a81ab5d86b82818f0c0c21366ae58a19d0499a310831c20000000957f6926747c52ca2d6848698b96b906589aeaf76126404d67fd77c5799fae464000000065a713e860dc7a12c4bcdba8356848ad09655bb69934fc57bce035d3c1ea4e245dfba5b800ae3516f9072fb1792650f5b2d1a26d6428eba3fc6b9e0a125e7248	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "32"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "96"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\assault.cubers.net	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\cubers.net\Total = "78"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000ca455fc75226ac35278f633e7353870658f4e34770d949dd67b5178917e40894000000000e80000000020000200000007af37fa0ea5d6a259ec57be7f3298498d7a9436816a884c3edcc7c1e8d26cdda9000000058f356c446ed9bf9025bf27eb9dbec94935a5a5dfba6e606018dc0bf5beed1126659d65e97bf0601a0543bf0b22c3c99f483f98f1675ca5c2b09f0fe0e08297a77f0167d2cde7acff9299076310fed58b9d12b244cd34b75a22f797ad9d4c1815230c1aaad1d6d54f13cee1fb1e1a1778bed7094072858a92ba23617721822d88e8a101db20c66de623ff0ee13a5c8d640000000494ef3e630e7de59ed4d590b2a5549abb123f9acdb7d702b0b0256c52985648e4fb0351c0d0d069dc8f41bf8e73474ff68d2a0fb1237f7f9099a691afc3acbb4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A3DC1789-28CB-11EF-8156-CE03E2754020} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\assault.cubers.net\ = "32"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\assaultcube	AssaultCube_v1.3.0.2_LockdownEdition.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\assaultcube\ = "AssaultCube 1.3.0.2"	AssaultCube_v1.3.0.2_LockdownEdition.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\assaultcube\DefaultIcon	AssaultCube_v1.3.0.2_LockdownEdition.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\assaultcube\shell	AssaultCube_v1.3.0.2_LockdownEdition.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\assaultcube\URL Protocol	AssaultCube_v1.3.0.2_LockdownEdition.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\assaultcube\DefaultIcon\ = "\"C:\\Program Files (x86)\\AssaultCube 1.3.0.2\\bin_win32\\ac_client.exe\""	AssaultCube_v1.3.0.2_LockdownEdition.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\assaultcube\shell\open\command	AssaultCube_v1.3.0.2_LockdownEdition.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\assaultcube\shell\open	AssaultCube_v1.3.0.2_LockdownEdition.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\assaultcube\shell\open\command\ = "\"cmd.exe\" /C cd \"C:\\Program Files (x86)\\AssaultCube 1.3.0.2\" & \"assaultcube.bat\" \"%1\""	AssaultCube_v1.3.0.2_LockdownEdition.exe

Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs

pid	Process
1680	ac_client.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1048	chrome.exe
1048	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1928	AssaultCube_v1.3.0.2_LockdownEdition.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe
Token: SeShutdownPrivilege	1048	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2248	iexplore.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe
1048	chrome.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
2248	iexplore.exe
2248	iexplore.exe
2056	IEXPLORE.EXE
2056	IEXPLORE.EXE
2056	IEXPLORE.EXE
2056	IEXPLORE.EXE
2732	iexplore.exe
2732	iexplore.exe
2496	IEXPLORE.EXE
2496	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 2056	2248	iexplore.exe	28
PID 2248 wrote to memory of 2056	2248	iexplore.exe	28
PID 2248 wrote to memory of 2056	2248	iexplore.exe	28
PID 2248 wrote to memory of 2056	2248	iexplore.exe	28
PID 1048 wrote to memory of 2604	1048	chrome.exe	31
PID 1048 wrote to memory of 2604	1048	chrome.exe	31
PID 1048 wrote to memory of 2604	1048	chrome.exe	31
PID 1048 wrote to memory of 2184	1048	chrome.exe	33
PID 1048 wrote to memory of 2184	1048	chrome.exe	33
PID 1048 wrote to memory of 2184	1048	chrome.exe	33
PID 1048 wrote to memory of 2184	1048	chrome.exe	33
PID 1048 wrote to memory of 2184	1048	chrome.exe	33
PID 1048 wrote to memory of 2184	1048	chrome.exe	33
PID 1048 wrote to memory of 2184	1048	chrome.exe	33
PID 1048 wrote to memory of 2184	1048	chrome.exe	33
PID 1048 wrote to memory of 2184	1048	chrome.exe	33
PID 1048 wrote to memory of 2184	1048	chrome.exe	33
PID 1048 wrote to memory of 2184	1048	chrome.exe	33
PID 1048 wrote to memory of 2184	1048	chrome.exe	33
PID 1048 wrote to memory of 2184	1048	chrome.exe	33
PID 1048 wrote to memory of 2184	1048	chrome.exe	33
PID 1048 wrote to memory of 2184	1048	chrome.exe	33
PID 1048 wrote to memory of 2184	1048	chrome.exe	33
PID 1048 wrote to memory of 2184	1048	chrome.exe	33
PID 1048 wrote to memory of 2184	1048	chrome.exe	33
PID 1048 wrote to memory of 2184	1048	chrome.exe	33
PID 1048 wrote to memory of 2184	1048	chrome.exe	33
PID 1048 wrote to memory of 2184	1048	chrome.exe	33
PID 1048 wrote to memory of 2184	1048	chrome.exe	33
PID 1048 wrote to memory of 2184	1048	chrome.exe	33
PID 1048 wrote to memory of 2184	1048	chrome.exe	33
PID 1048 wrote to memory of 2184	1048	chrome.exe	33
PID 1048 wrote to memory of 2184	1048	chrome.exe	33
PID 1048 wrote to memory of 2184	1048	chrome.exe	33
PID 1048 wrote to memory of 2184	1048	chrome.exe	33
PID 1048 wrote to memory of 2184	1048	chrome.exe	33
PID 1048 wrote to memory of 2184	1048	chrome.exe	33
PID 1048 wrote to memory of 2184	1048	chrome.exe	33
PID 1048 wrote to memory of 2184	1048	chrome.exe	33
PID 1048 wrote to memory of 2184	1048	chrome.exe	33
PID 1048 wrote to memory of 2184	1048	chrome.exe	33
PID 1048 wrote to memory of 2184	1048	chrome.exe	33
PID 1048 wrote to memory of 2184	1048	chrome.exe	33
PID 1048 wrote to memory of 2184	1048	chrome.exe	33
PID 1048 wrote to memory of 2184	1048	chrome.exe	33
PID 1048 wrote to memory of 2184	1048	chrome.exe	33
PID 1048 wrote to memory of 1700	1048	chrome.exe	34
PID 1048 wrote to memory of 1700	1048	chrome.exe	34
PID 1048 wrote to memory of 1700	1048	chrome.exe	34
PID 1048 wrote to memory of 1580	1048	chrome.exe	35
PID 1048 wrote to memory of 1580	1048	chrome.exe	35
PID 1048 wrote to memory of 1580	1048	chrome.exe	35
PID 1048 wrote to memory of 1580	1048	chrome.exe	35
PID 1048 wrote to memory of 1580	1048	chrome.exe	35
PID 1048 wrote to memory of 1580	1048	chrome.exe	35
PID 1048 wrote to memory of 1580	1048	chrome.exe	35
PID 1048 wrote to memory of 1580	1048	chrome.exe	35
PID 1048 wrote to memory of 1580	1048	chrome.exe	35
PID 1048 wrote to memory of 1580	1048	chrome.exe	35
PID 1048 wrote to memory of 1580	1048	chrome.exe	35
PID 1048 wrote to memory of 1580	1048	chrome.exe	35
PID 1048 wrote to memory of 1580	1048	chrome.exe	35
PID 1048 wrote to memory of 1580	1048	chrome.exe	35
PID 1048 wrote to memory of 1580	1048	chrome.exe	35

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://sustainability.google/?utm_source=googlehpfooter&utm_medium=housepromos&utm_campaign=bottom-footer&utm_content=
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2248 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6559758,0x7fef6559768,0x7fef6559778
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1096 --field-trial-handle=1352,i,10141068789970332601,11142076903029821111,131072 /prefetch:2
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1492 --field-trial-handle=1352,i,10141068789970332601,11142076903029821111,131072 /prefetch:8
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 --field-trial-handle=1352,i,10141068789970332601,11142076903029821111,131072 /prefetch:8
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2272 --field-trial-handle=1352,i,10141068789970332601,11142076903029821111,131072 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2292 --field-trial-handle=1352,i,10141068789970332601,11142076903029821111,131072 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3184 --field-trial-handle=1352,i,10141068789970332601,11142076903029821111,131072 /prefetch:2
  2⤵
  PID:760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1372 --field-trial-handle=1352,i,10141068789970332601,11142076903029821111,131072 /prefetch:2
  2⤵
  PID:808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3312 --field-trial-handle=1352,i,10141068789970332601,11142076903029821111,131072 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3440 --field-trial-handle=1352,i,10141068789970332601,11142076903029821111,131072 /prefetch:8
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3564 --field-trial-handle=1352,i,10141068789970332601,11142076903029821111,131072 /prefetch:8
  2⤵
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3700 --field-trial-handle=1352,i,10141068789970332601,11142076903029821111,131072 /prefetch:8
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3536 --field-trial-handle=1352,i,10141068789970332601,11142076903029821111,131072 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1396 --field-trial-handle=1352,i,10141068789970332601,11142076903029821111,131072 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3728 --field-trial-handle=1352,i,10141068789970332601,11142076903029821111,131072 /prefetch:8
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2348 --field-trial-handle=1352,i,10141068789970332601,11142076903029821111,131072 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2384 --field-trial-handle=1352,i,10141068789970332601,11142076903029821111,131072 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3464 --field-trial-handle=1352,i,10141068789970332601,11142076903029821111,131072 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4104 --field-trial-handle=1352,i,10141068789970332601,11142076903029821111,131072 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4284 --field-trial-handle=1352,i,10141068789970332601,11142076903029821111,131072 /prefetch:1
  2⤵
  PID:908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4132 --field-trial-handle=1352,i,10141068789970332601,11142076903029821111,131072 /prefetch:1
  2⤵
  PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4200 --field-trial-handle=1352,i,10141068789970332601,11142076903029821111,131072 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 --field-trial-handle=1352,i,10141068789970332601,11142076903029821111,131072 /prefetch:8
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2412 --field-trial-handle=1352,i,10141068789970332601,11142076903029821111,131072 /prefetch:8
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3636 --field-trial-handle=1352,i,10141068789970332601,11142076903029821111,131072 /prefetch:8
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3320 --field-trial-handle=1352,i,10141068789970332601,11142076903029821111,131072 /prefetch:8
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3368 --field-trial-handle=1352,i,10141068789970332601,11142076903029821111,131072 /prefetch:8
  2⤵
  PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3300 --field-trial-handle=1352,i,10141068789970332601,11142076903029821111,131072 /prefetch:8
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4128 --field-trial-handle=1352,i,10141068789970332601,11142076903029821111,131072 /prefetch:8
  2⤵
  PID:1808
- C:\Users\Admin\Downloads\AssaultCube_v1.3.0.2_LockdownEdition.exe
  "C:\Users\Admin\Downloads\AssaultCube_v1.3.0.2_LockdownEdition.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1928
- - C:\Program Files (x86)\AssaultCube 1.3.0.2\bin_win32\oalinst.exe
    "C:\Program Files (x86)\AssaultCube 1.3.0.2\bin_win32\oalinst.exe" -s
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    PID:2964
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://assault.cubers.net/releasenotes/v1.3/
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2732
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2732 CREDAT:275457 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2496

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2948

C:\Windows\system32\cmd.exe
cmd /c ""C:\Program Files (x86)\AssaultCube 1.3.0.2\assaultcube.bat" "
1⤵
PID:1800
- C:\Program Files (x86)\AssaultCube 1.3.0.2\bin_win32\ac_client.exe
  bin_win32\ac_client.exe "--home=?MYDOCUMENTS?\My Games\AssaultCube\v1.3" --init
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  PID:1680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\AssaultCube 1.3.0.2\assaultcube.bat

Filesize
102B

MD5
5712cb3e54733dcfe084375cf56ee91c

SHA1
db4ace6e71208b8eae4e155e49c34701b11f77ca

SHA256
060e8cf999204e18f8c9fb4036978ff2a352dfcf41c8153059db4faa787d93e2

SHA512
6b1a5dfe0be63203e060a7ca264f2781db543d9f1d919517e1a3a6a5bdaae976970df25d6ef984568a81f961e6d161d5db2a441b774fd23e5aa7c98dea847af0

Download Submit
C:\Program Files (x86)\AssaultCube 1.3.0.2\bin_win32\ac_client.exe

Filesize
1.6MB

MD5
2abc290c544e3ba2125c94ca255d07b2

SHA1
fb34dbfea60d54d9d98824b746f23ec9a6f4d26c

SHA256
5b588e6ff7710fa0170553506a50bfa14750ccb438a154e4ea0e0b1ba621cefb

SHA512
8f121be6b15bbe4d1fa19780439a65c289029946ba9e6773b20c0fcb7bb907e00a34baead1c4501015f643dcd22433756f2e008f92e9c6b3abca1016a4a4f0b3

Download Submit
C:\Program Files (x86)\AssaultCube 1.3.0.2\bin_win32\libvorbisfile.dll

Filesize
104KB

MD5
522abfcc889293dda2ff79b33f15799d

SHA1
0c02b330d17f660908180b77b1435eda53e5b39a

SHA256
49564cd6facc72d430cd191e7302281143c0122633c8bd2df7a1d077ebeee1fb

SHA512
c8853411c4b1bd144309328d5613beb70da49235730f50abaa1624ffb9c8f88503c026586e97d415d5ab2d231dc27c2547322530df007a592b5f6836631eff3d

Download Submit
C:\Program Files (x86)\AssaultCube 1.3.0.2\docs\images\server_error_rate_examples.jpg

Filesize
43KB

MD5
8a762531ce5243139b6c97ea846cb74f

SHA1
c0e3b19ecb8786cb2f7db03723e5ea9faa345b8f

SHA256
730185e326ffb7fe3be4df4e3d7b2cbe4946c3ff3332669a5e94d66b903b0715

SHA512
902874e96ea32b2274c322e04027ff0668fcd5543400e408d061c1e56c533bc8be0f5a6647f6efcc897b4c27c925cd2e12c554e409d44b40b46a8c6eebcf4d29

Download Submit
C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\cleaner\grates\grate_rust.jpg

Filesize
20KB

MD5
8caa8c3e1f832176c6594dc45a44c497

SHA1
43336ddcc541dfc1bae54bd3e1551f95f20b499e

SHA256
d0734b313ba8da1262d058edbf4e0fa44562d674bec6c262d0793bbe82b94eb7

SHA512
6f885e744e50f3a8ce4f1fb859f833c4c0565490bbe8dcff00057055a0e020cd09d5af8ce8e44a359e23dbd84d50e2b2a1050ea12d1e021678fff7690371c924

Download Submit
C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\cleaner\shovels\shovel.jpg

Filesize
32KB

MD5
79a938f3ce76a039662287d7dc6adc7c

SHA1
f4b9750bbf756b18c72b732585d25a66c164e88f

SHA256
4e00527738b7a222721d6f0e2e09fa8b34b5e9b361284fdcb40dec4e6303387e

SHA512
b299d9e209041a4dd25a0b73781efe886732c5e37f6cd38744459718fa122dfc104db02046d2aab2170d31fc6a3c9fecf36d4499d0355b2b47030eec656d425c

Download Submit
C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\cleaner\worldmap\worldmap.jpg

Filesize
93KB

MD5
1fbfbf5e9841a13a15cb4fc0743121c7

SHA1
9fc122171e80911f6e0efd0602624787fc33ac8c

SHA256
fe2a5b81bfd5c8bb433d492c8c9b2f08ebd2ae02cebe59c09d8c5adf37f6e88a

SHA512
826be98b844f0e70d2b39a6d5a8d8424c6127563e7cc4af14e246b9affad269a43105d79b434c19dd1541fdee13a4e5355ef48d6444437d20ee6b9488bbe1bb8

Download Submit
C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\toca\servercluster\U3_2\U3.md3

Filesize
868B

MD5
1b8072455383ce51a30d92698dd8c1b1

SHA1
24e6a8699621699ef4f83fa8d0d8ecbfa9c69ec5

SHA256
0b82e1e97acf65dfa995163ac07acba398cfae3b562f431f56f37cebfb035ff3

SHA512
cc76fe8183f59fef72eaedc88427aeeae51c681ae7d75b2fd3c2010f327d7482cb23b50cf7bdca4cb4335e87bd59bef19cbd8343b01dbb405b2b689954d62b35

Download Submit
C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\toca\servercluster\U6_2\U6.md3

Filesize
868B

MD5
170b0bbd75dec76bb967228343f643bb

SHA1
9407e91f234be1d0264cd58193dced8e9496c238

SHA256
17fdfd1100a7b2d2b0cd8edd03ccb51ba4e30aa14bfa422d5ad7a3905a185a7e

SHA512
cf616da63f00c90e7ba9a6b5a07b923fb125be09a8ca22d76adfe46cf34ff7e6a440743c16d158be1a31bd14161f4a86740e63a8d6bd903edcb2053a74e559c4

Download Submit
C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\misc\gib02\md2.cfg

Filesize
33B

MD5
52a59f970d4a05e695d7d3c10ae74f20

SHA1
19938a63ed949c81807adbba3adcb9c46fb3b0e8

SHA256
58f16f9b607aa717d20906e70bbb6861a30fc3e40807a10a2cb0279ae058cb22

SHA512
7887c7c54fc29375f62da835258ade44a258166547d624f71bce3af8967c2fcf159f042df4af68d27c6fd470072e9264a20b7597f49fc6b572a805fb1c085ada

Download Submit
C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\pickups\license.txt

Filesize
1KB

MD5
dc40a233726542dfd4cde7f2031b04fa

SHA1
b29bea5c1542bbbff4d220b1bd83c9492265c21b

SHA256
6960a44c84ae6de6a071eeae3977ee8e2f9dde0e5109648dd3c0aa4d078787ac

SHA512
93613f3a4a0a2082fef38bc8fbec6c37db225a38673c2ee274c0099fe42e136078fa5033ff51f1dc4a990a2986cb75f8571de78e57ec8125085cab117590a308

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
962debf6fda6f65f06a5df811f4a7407

SHA1
f6257069f9287554248fb2e067271b77ac9a7136

SHA256
d57f0a30d35d94a2697ba14ea6bb57f2ad52b4b612a8fa5f37ec31cf08e40e6a

SHA512
8bd8b1e5d0a3995ec7bbd1a69b01c0c97d9cb436d803ebc91f691d0a91cb3ba429edc588de9d33bf2d2dc5dc2a1ce27f572989f24cf378d58480bad856af0074

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_5E390E1CA50E646B1021D6CAA485D322

Filesize
471B

MD5
e6868114550f22eb84a50b078bda483d

SHA1
9304e0f07a02f36a9624dd43e3e5f6e3a8423b1f

SHA256
0265d5c043ab007adb15f48b2af9a09b691af3b80b78ddcf24b1b915c94690d0

SHA512
7f69f27595759bf043ff75d48980606fb2746ae47696002616dd3fefce194b68651325106e643a93c0b67fbba8dea7e86377b7b8f0f6051d8356a095b858db9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_0E84AD23AC2E74B30DEF739614C7EB94

Filesize
472B

MD5
9bd7a3639553f6316865d784a67fc30a

SHA1
90b361363d0cd547901b9b06a247b9fef92bc560

SHA256
a52b706126e0add0c959cc8f372eb46933acde9db98ed92c1d55f8b0fb480397

SHA512
1b0e4ea85cfa5ec622f9669915a7e3e1600450ef7670fa9b6a5e6674036ed388a832ad4bb4e4b61013042dc875c28e5c3f7d6dc14e02629ecce36fa9a59df081

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
0f76caabd0f75053bdfee208679f34d9

SHA1
4c85a77278371d17c3ed9a373c60b50223b7d0cc

SHA256
7dc09a6b181cc4ed67252a0d6a8d5fc06c809885f4a0c50092b70c222b1eef58

SHA512
3fd3e0ff635ee136d9da7341320fe5a1f7687f31f96ced1774982c3389e954e5cb345b9e004789ed6008226ab99f1ed4f4551840c7ceaa4bdb86aa27926551da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_5E390E1CA50E646B1021D6CAA485D322

Filesize
406B

MD5
3194749b2fba0d304ad3ce0276fb4fa7

SHA1
707ea8a906c30ba34a55afde6bf213ee3fd60e00

SHA256
2df6aa58b9c3dfded21195daccefbc6a411a06a39c16989ffa4fa6465c81bbac

SHA512
a6c70eab32fbb0ff59a1f26d284256ece76cd1faa3d8c55b55be20a665eb48804c45209957184d2e3715c47b56ee50ca1d639cff10c5f83ba6cdf34c506da071

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6a13e44924fdd9515fd2a829a29dfe61

SHA1
3d0484d713b58229ece7d7252f50ea76c72ca3a8

SHA256
fc9c3b0a34d40ae36b3a5bb18c43f8d836d4138bdbe3e80d18fe3146be39b4a1

SHA512
e00df8014766836491df5d5f174b1f7767fe908dca024e6d77d5f21483bf44bc82aa2e8599e15e6dd373ff99de43c9e21f59c0f2eebd7687e0bd2d7d162bc8d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
731f1fbf57f0b51ea0908e10c7079b69

SHA1
a823bc515299d6129f31a049cb3e4f72124e68c2

SHA256
872ff74de9aeb6753519e3af149504fc4523e0fb442fbf33994453fc8792e173

SHA512
42d3daf9a1879d08a3362659d260cc7e383076561af2fe6416cc280716fe31a18e83a05e0cf5ed9c0a8b6ede4e47fb16b8a850d7c53b2bddb624c7d168cac9e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c1a9c2270ff63422e68d546a9e2eddfb

SHA1
978a10e2fe67301033e342adc147696c5544d441

SHA256
0f4303bef4ee2371fa6eede4a559b6b1f1b4433cc4b11e353caa1a4b06c91ecb

SHA512
8fe5f8c4bffd487d9fff7f4fcaea514d0a8375b4097994a1c1c94ade5103fdc78a82a6b7c5c71c15b1cae13c52101bd0611d76dd0ab1342ba19ba6dc75f27ffb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
21b8a9c9acff18e010b4e77b3938a182

SHA1
8c01d64985ef6cee194835ec8c225d94e57a6848

SHA256
4781672db04c5f18cde491d9350f427d8a78c1ac2c51ffc783a84e29f01b84ec

SHA512
34f41bbfd6b7a897eb7c0251670e6e12ea53365a48cba84475493e4af40da0b92a10a4ea9f713139f252875755c4c6e385092ac97f330ea71056faacfeaaf5f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
de2d989ddf0db9a5455785ff1187f258

SHA1
1b1c443e21e8e13b2b5d033bf9654292871b8a03

SHA256
8c94c349b6e99825173489cb538d08369dc8149431ac6c6aef6ae3be01516171

SHA512
3cbd4fb1d6b4fb10459afd15c9afc1eaf0f37055fff6e27b998def584faa0e320eb88c1cfbe6f67c564f5ec0c189de6d32f245a8702b49e34617f7289110a7f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0780d890d222caf16aacc3c42923179c

SHA1
0b11a4a39970a4cc7023e2dad40e4a97a985228b

SHA256
363f0df0ceffda04786250a387866e56356bb0f3b91da4b674d3251bc0c2a3ea

SHA512
1fbb21b1d4e32f009699e22303f1fec1f6532743f4c65df640b6d74b3408d4a223c1ccd399bf4e85c26a6f7746804a072d2145107b4d78cf1f8fb1da392126d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1fe6313aecce0eed79d779254c29654d

SHA1
d04e2b7e79810880541254f195968005c9de90af

SHA256
826afc2666af5e82c03ec0ec57a28b09856f7513c44d46c066e857f6f193e142

SHA512
5af50c99a10618a31940f11b4ae215240fd9ce9a31acd83efd7b8654dc3761ddcf275505ff3de1ac3fcd7f939129ec4c35eee0acab6c69647b5eb1741c431632

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
620ce92df185fc87458521ea1b9805c0

SHA1
f1b3fd73627605e5be19786db67c2bb93838670d

SHA256
10bfe31affda45fa0226ccf42ecd1ca77b53dcf885d794206c8760f470d70c58

SHA512
2caefd76327afe68abda13fe74ed3a328367f0d8c761a35226f32840e5a7ef78000b5e2efc16e66637ae9986504349d15cddfa67b95867d9bf669e44acd5123f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
80df5699f54a4fd36b8ee9e740058dcd

SHA1
15fbfaaebf94ed118a5da81794f803f62ae3ea9e

SHA256
988558d707b9b5c5286e9b38733e19f9c37e31a2e28c64e9edf3e344d73cc5e6

SHA512
c81bdcea5eb32d94b113e2d617f708d99e3bf4ab653a347d1b824fe984a7a06100797a0616dac4ac2979eed38e0f9662e87581add9c65d51d0ffa2d59984dcc3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d5e1d5238e1569e71c2d9effcda4579b

SHA1
f90be6611f9d6125f3dbbeb4029ba2e38954fb7e

SHA256
7f70bc15ac9f13c205ff6947df956066e67dad13daafa747bfbcde593fc78c07

SHA512
9080dd229d5716166652e5fdb2a78f738ae4cee568f425c54482e425736ce06ff9e40faea9b6948aef6251fdfee4c16e703f6efa6d63c5ddb347922b3891ef92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
27c8de07792da979aace53ce32926261

SHA1
26af2b1a0e6a1c25e7f3701203b3136d1ce93bb1

SHA256
cf9fa5fbd902cab6e1bd3bc235bcbbb8527166807f59ef70b64388e9cd9370d8

SHA512
8bef086ef9e4c7cab1e79fa16c04ac2f24ceb724923675d66995e6dae075d429e05b16c894e12110da847516e7d59b364d198f248cd319612c93aa5b856e87e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ab027fbcb890b33c38b1155e3cbeeca

SHA1
a1f7c0c5ee4848d9522cafcc1c39581a83aaa2ae

SHA256
d337e895491b2d3ef928deae6308c8a3fae07dc952d6d02e42d28903f103c117

SHA512
c09a9a312d1c024f5a56c89378f45f8dd16f056f99880a84dd7b06f57629912d12cd2cf1f22513907864f45b4cef04f082edc22e67e3e5ac67c8be56eba27368

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b297f8e38d09fb7bb30b1f1c2f849fdf

SHA1
98c39362e51232b5d52b5812330f64f6d38b78a6

SHA256
5fdc06a09d4283cbc5141993cf8a913e8e84b84b3d8d66bb3405acfa8e5641a4

SHA512
71baac8960b6418273bd3835185f5d3aa1716b96e0aba813b4bb9b8b6d315c0a0b204b39e24267af366a65fe7efc9f51fa199de8921bf15a7dc0780b852f45c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
357075b0fcb5006a945fb139f5ce9b54

SHA1
ac101563fcf892d8380bccc776a64331cad8b5a9

SHA256
44c525ce6e477537cf754dd9383eea79f526538ec6fe629ee4efee2d00c47a55

SHA512
21a596e782b4c8f8ddb111e75d7cfc1a8d35b309612dbebe5a2c56b0e85fcc70cbb47099e5f4d5296c211754bcda3223d225e4c6b630edbc21c72e5bff4c316b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7d582c5badce1a53a9c9b6bef50a2e0a

SHA1
b3e6bf9574e92c09b8fbcd3cc9eba55b50f03609

SHA256
6a0a214546b0bc92fc4f985eba75d63d2371b21adf33e948fa8119dc40c2f7e1

SHA512
caaf0f742553c3ad5b2d1acd50c24d6ba6c7d796fafbe79146d9fc92fc3cbb2164b249b12c38022a8b9d0ad6b24b539593155300f39ce461c1fbb44d66196ca9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b04c04bd3c82b2f968a0e65d43b7386d

SHA1
6e7c085e9900034e6b10cfc88a44b3da0f733ed2

SHA256
5c0200e6919d92666fd868f4be6a4c7ae166f9c9322cb91c5b458b15378aa5c1

SHA512
6c0d87b2da394d98a2c7691f4d2efc5eb154adef58ff0fcfe3b1a105f63baad750f76181822131f37f92e1cba07130255680d76d64a1734b293fc092a57cf53d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
30b8583e1e1ef2c9f05fcdfac2445026

SHA1
f72f894b8aab412b58750fc422e8abde45a88857

SHA256
7815e175f2da17aa8cbff16335e961deff7b280f33c6fda42497dda02229f60a

SHA512
14656cfb422ded6caeb0a97e4be641d2801751b1916b58b66d102272d12480c837913b30b9649ad6bd4a358d747cb193140a239446d9b69cb0b748572fcefe9d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a656d6895e77607b7fccd9cee56a30ed

SHA1
7967fe1e49748dd2ba6fe4ebbfc87a0654e662a2

SHA256
b0714cb2a11eea9cc32c84bda146b9f62e583b86c4146068ff7769085ebcb34c

SHA512
8ca2312aef8716118e6e19bc916d9ad8b2a0006373a4fbb980b33d2c155509f58582b60005bee71afdd6785932d246c23a23362d72f0390ed6d2949fe7976b4b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
53ccd4b104a5a91599e144168049e480

SHA1
f22712828b2477e80429df08ba698c985b5b8928

SHA256
8ce1f58d75b09833a7953f0555db6df1a816b82918328636917ac1a21ec82f5f

SHA512
4c1983856490f433445373a52998717efb4ed5797a4af9d6508b964ce1919776fbcd10488b725c72435b440860d2f4b25c1cd02876c1c67bc45c89e3fbdba548

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
487cc4f470fd01ab0f8fdbff61f7a490

SHA1
04fd9380035e330d585169104a9c02dc101b72e2

SHA256
c6a8e7e9b5887a4b73e21f0d3af9c29a43a06dce277fefe7b85a75baa0c9c036

SHA512
02751ecaaf95a8fed2d7897357984acbf99aa7f8a7f1907f193db137f8b7c9c77b42187fba016efbf2d1718f773c23c35dc108ba802a3a61b00fad2faad81794

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
760d1d59280e0a54e2a98d6340165887

SHA1
fb43029b066ff37b59e67353621a9725019a4c5a

SHA256
5b4632539f92629ceabd9b1c1f700e25f24bddd8173980180d270bf96982889d

SHA512
be9f8a5d3bcbbf404b98caa47eddd5cb5aa84de05500f760152954551ffb1e45b77a39c84a2cee5a743f31cae0ca4e30b5f7a76cec4a4f02e8ea976f858b4b15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0634f1a7e1ced0ec9d935d1f4160ad4b

SHA1
8649790762bcd133bda772c814899bd21089cfaa

SHA256
232db621f225eebabfc1d8cfb0a16560dbe4f6601e4f688493476a41d484df7c

SHA512
d62c018b6b0b78a3c42de559e451adaf6e65045b2614dd0459404c6e309bad086fcdba123666aee69846df512c793bc120fe15b3139610ebec83b2b35ec57221

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3f44d90a4b342c6ba2f910242198a1f9

SHA1
1606cde0268c635f7e82f249b3b5f4276e336def

SHA256
555cb6404078edfba67690af0a6d714f3da5077093324484c4290bc60e378cfd

SHA512
a9b86e12065915d0cdfe4ad74117708a23cbf9356232d02d97522c00959ad18e9ea1568aaf0663df26d2f450059a7a569b8a7bd40b255be2ca04ff5ecca758c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ef63c82c238edf8aec679aad49a4b364

SHA1
306d631d589ad14dc91842e876ff3589cefdd47d

SHA256
be546390d8f396b7fb64e0c4077d95914d8f3f45f5c8b658abaad1a2a6b8e866

SHA512
6089950ad558cde9ef45370405cdf093fffc24a813057aced99b79d27c5f2a7cca33a9b8308c71751ecdc84a5f10476ef213fce7126df09a46bf004a5d0dd670

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6d0430afd1c2859f5c0c0f43f78bc3b1

SHA1
0272c99f1365d033c6da862cd595fbcb7ff5107f

SHA256
5b084801592189622e83271547219e176aa026654b82808efe0e309e653c6438

SHA512
0742ab8fc39c33b6135aad9cbc87421b456f7fca9bbced27e1f9e98fb74e609cd0105d706da7f66ba875f7bfedf9a2591822d4e898f5984ae0299c78894e7846

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_0E84AD23AC2E74B30DEF739614C7EB94

Filesize
406B

MD5
01f6b458b5bf108d935e26fe0137baff

SHA1
b0b66347b8f5c0f69426d2f13a1765d2fb652578

SHA256
0dce4a5b9a71b11d9069f72edfcb615ed441e8bab410ddc76f34aaf17c7110cb

SHA512
3b5125e9134dc2c6d2481d049e58641bcd1d0c177c7fda8ebe1f59c7b1e7902fb625a4ce4351e164da8f8668df84649b213cfd0aa8e14c9546a951d5cc66aff1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\2816a0d6-ad5b-46b5-a5ba-708c3ec6e957.tmp

Filesize
294KB

MD5
592f5fbfc4d16553c9833dc71c732951

SHA1
e93e8e28b2cc4185923a1d10fd0c941f949e382b

SHA256
ff8e4fda3ea50689d162141a7dc64cb099538aa480d82afb974a249bdfc083d9

SHA512
b88eafe6fcd4edf18567e02941692cda636a674c64eb57529625b87dda703b1cf3b151d3a8aa75e6abef7af79b4b00fd5e254a4a25f0325894436c46897dd226

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\720c4121-4104-4299-a428-c92dc027c4ae.tmp

Filesize
5KB

MD5
9c34818d8da23118a5fe0c04de8bea09

SHA1
cd2bb8d0bc146a2fc31cd07bb693086073b7b930

SHA256
3c61690f753754862399024f86fb3d8ffc145aee6085fe6180ea03cc56d69860

SHA512
b4255e7300d1cd0dd1a448d700f31125c4f63a00f35c3277306ae88bc99c148ac3e7e81850d7ec128261781182cfa0905826813c01ae9ace59cc2765835e35ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
37d629492a57d6cacf10098f3eba95c4

SHA1
f77d21fa70431c254b246d91b21f8112cc93fa4a

SHA256
0367238ff9ac1c709edc2ec927c5dae2bc895152d50c59884b410f722261a1c0

SHA512
11258ffbf40ef3b5a5202d2fff2d1aa50e408e0242d5850607f764dbb72f1f9345d937144d414982f6cba75130542052f3af649e39a6ac2b73d038a00707b3e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
892ab8968961078809329a12ed15860a

SHA1
c2d459b543e604b73a054eebdc1798c5c9a13f38

SHA256
db7bfa0f150ef3c72f61a664da0463c70e7e3b2d6136e839a3e9dfa5eeacff10

SHA512
c1d8d7db0e97fbd7fe352a99cbdb7094abe390e0564f40deca47041342d8885872e12a3aa28a4bf2436d4629586307a5feef0727d4ab7164c822b61103c05e33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
32de6b7886bc5f3c6aced5505c0c001f

SHA1
8bd07e2040e7f82f262a234fbb01892988428e6f

SHA256
5b583bbe514eb1a526a90102a7c0054afe028958b204dadae2999ad6a15ccd42

SHA512
ebbe3c6898b53ef3bd13634be818caf75be80a969e1843cfc977f6edfe8ac8f2bf93db231ea7eaf5d3097f9ca921e036cc0c785653868563d576a54d550b5830

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
460604c7522ebdb9204517f161652579

SHA1
ca8a4e1cf4e5937dc3595faf449f0acaafc9452b

SHA256
fea34929c37f9ac190ec318035178b39e71beba696b4ad4e977ee1cc8ef23e9d

SHA512
5c27b855a2c7f3ba040b6b149ebeff2fdd650cf86293399758a2b89c6226fd52803389c085b13cd2bfb13f36a54e78272fd94ca7bee28ccd4fc35c8cf14a04c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
12d14ba82c63732f7da8310867dc2a96

SHA1
1f367b09c4082b351d473f18ebaf0a6656d29bdf

SHA256
38613d8d3d5feb4a3101806693f39029cd6723096a62ab48eaca4145efb3e182

SHA512
600a832abfece20159e3acfa5332cd24985facf9595487a9f053719bfe7cb1e68cc3ef84d24cbd3b160452a3a8391b724b1027c970bab57701c957ccaf582dc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
2f338d726b33cf8edca272c6a0f3190c

SHA1
0f8dbeb05feaa0400695d42f6c7d0ca60b2a8c7f

SHA256
5153b81297651f7dae152098b8f3698b120b04995fb14ba3a681d322e4b42f5c

SHA512
aa8ccc2ab45b0e0637733ed2b4dd6645bb2cb116ac90b5aa8909fd0589273870ea38e321b2baed89e2834894cbc5387eb380f025dd15ff679c66dcf7c6cdef1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3e682c3d2e29ba4f9aa8b168df8b0b28

SHA1
12515bcac6581c7a6ff1c7c681a870c929b236c6

SHA256
aa7d60d387ae0a4eba0d495b537027af0ee8b67fe50d8548f5cfd62102f523cf

SHA512
baa696169e9fb0bab83e0ade852b8d7b4083ca98bda87c49a11ca100ad5d9c08009d0b250bb3d1ca928077df3ce3c84c69607fbe771569df4b4ee92fe69c1f65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
294KB

MD5
617e6a1e19237e22ee0586d5c0df741c

SHA1
2310078684da56080fe6367e6906240fda25da66

SHA256
481d710aa28adc5bde8884c4d447877c8038497a096f9acbd8277fc8d5a3ec08

SHA512
99e54553bd298c5df0b1cb0f8cd3ab516c86fafccb4ee99fe4cf230a3b847b4aa196476112261e29edd43a00e3835907774c71457ec25fe0d8a89cc6ee3e65f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\IT58BOCE\assault.cubers[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{CD21D0F0-2868-11EF-810A-46D84C032646}.dat

Filesize
5KB

MD5
1ab0afba659f07a2bd5dd6aeda12d6eb

SHA1
c7a77ae50fc0e7bfd7794302169a0e30fb18d84f

SHA256
88cd6855a24e46d06995540f9aca3e7eaec6f66e3e19f26954d71c61078313cb

SHA512
d17f8ea16f8ddbd251ab628cbd7dd3dd11ab5dadf8a597c3e647279184b7d02308b7cd9ddca996545f42615627e7c5253f593c140e98c12a17599e12e5526813

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{125408C4-28CB-11EF-8156-CE03E2754020}.dat

Filesize
5KB

MD5
bbfb4061e4e27893e2bf92d9986bc370

SHA1
b618383610cab0ce1e95cd30698581cfad3d1970

SHA256
af5a781ae275d6de5cbea1d795d36280ac0b9fcd8731c144e322957ed07de717

SHA512
aa70ccda21203e7609deb13c724da2fb9afb773bf6856e8338a4cb14cf890b53c6f1494b1887f0ef413f3d8eab42d17fee21a1d1f0f4d9f25b48a3c8e89cf6e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\c70czm7\imagestore.dat

Filesize
2KB

MD5
e75357b6c06a39ba0e59e652236ad799

SHA1
7f8f0a286811162868cca3f34105a8c9cd02f8b9

SHA256
62f13cb11e339caeee6a4dc5e0a4250f5f72280130342a8e548f9be1383a69f9

SHA512
57daf1869682e8f794881534ee0af097c5ddb859255ec15afe77f4996405a76333e75cb895739959e7c19f1ace8b6f40891341b490d0e041f63c0e51edc75b97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\c70czm7\imagestore.dat

Filesize
3KB

MD5
bf783a72a141abc53a6fb38b38446a06

SHA1
45fa25f0e561f56adf147c25a70d33ce8f0c88bc

SHA256
6dd328df23de368b2ef6f32c397f6529febba01fe51b5cc14f4505888d54a656

SHA512
adc228f69199d4018ad73bdc741bc4e7bd7bd843f2fe9d1a9d13c1c04af19c3f7ccfa582f667cebce07f4098602f3db4a82a067370eb867f72f85189111298a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\c70czm7\imagestore.dat

Filesize
70KB

MD5
a6b545dbbfbc92be2f9d290206c38501

SHA1
49f301f90694814fd941fc4bbf16830930a65b6d

SHA256
668d6188aa85f3776c8f5606ff3e1a6133bbae71e3cedde8df3be388604c2b9b

SHA512
af80967c3908e4afcad24dc4e7804ee183e953bcc1b00e42a223a1aa3ffa84d30fc7a8e66f7fbbf64dab74eb1b72e7d21734eccc5ed6de0509d5bc848b7706c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWTP8BNA\favicon[2].ico

Filesize
66KB

MD5
a615032c2e19dad19a484a402f6dd1a7

SHA1
b28fc72a6a3ba06249e0390fe80db5c050515e51

SHA256
8a73b3064d06550f07bedd6e8586a647ca4e16dc81cd6c9ffa491f14b33c298c

SHA512
8755f38c32ee8711af59d44273af4dd8acac736bef16d816f9f67ad7d41d3ec1695389613d9bef2cce26a99ece44b224b0d59875bbb12dbd717af9a8164a2e06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3JK00ZJ\cla-rvsf[1].png

Filesize
87KB

MD5
29f7b2a79b37e437f6ff8be37f8e99b7

SHA1
8e289752e969fbe7b9d0930dac8b9b7c397fd76a

SHA256
cb38c7c96d27aca60ef2be32c7662a747324c4faa99ed85f794aac1280669fa1

SHA512
b89c9ccd3b821b87e46b0a08ddd4590da4f617d4de9d5ed21c6e12003d9b704027b7ef64b3d07031bd42577fe4ba5614302dfb1674734ef43b46f186209d7706

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3JK00ZJ\logo_google_search_round_color_1x_web_64dp[1].png

Filesize
2KB

MD5
f40674c5a955432a289b6c17a0c63353

SHA1
6741c1b919b163f4988d0888ee9388cdd0beda03

SHA256
b874c167a6ad43f336eb0e15dfbb60b1274c5970db96fdfbd28d6e02cc14a177

SHA512
4e664fb4d70756d335453184cb4f44ea3948bef8dea8b93ba40b32d976832244a9e8ef8baf78ae9fdb5aa10dd87a1377857b110979d4569ac96c5785485ca96c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3JK00ZJ\uzLmB-hD-fj2VMQZKsG8SEy_6Kb5a8vndyfTSmYVJek[1].js

Filesize
53KB

MD5
4f672a598d5c99cbac05add32e1539c3

SHA1
b04c7d9a7a77f688571600c24af05e2ea9db924a

SHA256
bb32e607e843f9f8f654c4192ac1bc484cbfe8a6f96bcbe77727d34a661525e9

SHA512
a3136e7f49fa2ce1bfbd18a405866806c09e7b412dcec5c82d0e3cf532633cf41137b9db9c755363cc617e782afe45dc338c80773519a6b06ea2fa98d56ccdea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5LT06Y3\bodybg[1].png

Filesize
35KB

MD5
16d46ea1df45803856df0f09c01395c3

SHA1
e8b1ab575d67b61ae264ac0dd5d34233610525b4

SHA256
d5455a70c62944b6cda35896eea6546a64fe6e4a9309713fff793ad2625748de

SHA512
2201648bb73272b51d138f23478613537e3095a05c57da21e2b5099a95521818adfad359bf7b418953696293dd3ee51e172c21d41edb1d825e5e0e40d3f2a287

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC17D.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC17E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DFA27B0DA6A074C80C.TMP

Filesize
24KB

MD5
99ace303c741af3803fc54dfe27e8d03

SHA1
6f34a36c5699eea81f43aec0f8866351869fbe26

SHA256
751fd7a93aca5b8351cf72dc5d99fd06f1895839db82e9a1e0f5019c83dcc23f

SHA512
f68233934961c73ce96e0c046baac8c115b007edf8d01d5983f9df598676493eb92252fddefc5850f572757bb36debb5265a7c887a8372e364ed6580c5016a1d

Download Submit
C:\Users\Admin\Downloads\AssaultCube_v1.3.0.2_LockdownEdition.exe

Filesize
46.0MB

MD5
91aeb7d436f737f7cb60439daa9f3ea2

SHA1
120d0b9f53b0461fce65bcc437648b3e63830ef0

SHA256
77eff4497232562eeb1862f97d484777202e8ac42c411093a821234045ee61a5

SHA512
31c57e08e3ccb7aea1564cc993f4137f5d34e7c958afbb2ddc2b901e50f60d62bb5ecd1ebfc7eec35f1d558da3643fb59774c80b3489b1e53539be3d6948e8e5

Download Submit
\Program Files (x86)\AssaultCube 1.3.0.2\Uninstall.exe

Filesize
110KB

MD5
3b04c55505bb5926e52603cbb9d3ab65

SHA1
87330da4cc804c93c89ba1012a99593d3a50eceb

SHA256
73a8b81a37dfebf54457ce978d293d9e10667803a58bc4eb038bf05743ce8e6b

SHA512
bcde9ec2818819ce24cdfe678f6abb9d979c193dbeee4244fb863a78cb20e71e8555b3c9e0bf01de3145a3599d8131efcd5a9463ebbce59ceff6e7d3c8697156

Download Submit
\Program Files (x86)\AssaultCube 1.3.0.2\bin_win32\oalinst.exe

Filesize
790KB

MD5
694f54bd227916b89fc3eb1db53f0685

SHA1
21fdc367291bbef14dac27925cae698d3928eead

SHA256
b8f39714d41e009f75efb183c37100f2cbabb71784bbd243be881ac5b42d86fd

SHA512
55bc0de75a7f27f11eb8f4ee8c9934dfe1acd044d8b7b2151c506bdcbead3ab179df7023f699c9139c77541bbc4b1c0657e93c34a6bc4309b665c6cb7636a7e5

Download Submit
\Users\Admin\AppData\Local\Temp\nszF7C9.tmp\StartMenu.dll

Filesize
7KB

MD5
d070f3275df715bf3708beff2c6c307d

SHA1
93d3725801e07303e9727c4369e19fd139e69023

SHA256
42dd4dda3249a94e32e20f76eaffae784a5475ed00c60ef0197c8a2c1ccd2fb7

SHA512
fcaf625dac4684dad33d12e3a942b38489ecc90649eee885d823a932e70db63c1edb8614b9fa8904d1710e9b820e82c5a37aeb8403cf21cf1e3692f76438664d

Download Submit
\Users\Admin\AppData\Local\Temp\nszF7C9.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
\Users\Admin\AppData\Local\Temp\nszF7C9.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
\Windows\SysWOW64\OpenAL32.new

Filesize
106KB

MD5
235355a8dd26903e75d5e812ecf50e53

SHA1
8316319341a0f9054e19e4a7b21df3dc49386fee

SHA256
1797d150a2e23af4f390f5c33eb598c6f58d0454011d74941f5316add900bbdd

SHA512
5beb9343028790f993d0acb1007fd112b7e2ef6f9fbedfdb62b0140d2bbadf3b6368417ea19edb0bc8674d19418e5784fef4430ce1c329de8e83c304706d39ac

Download Submit
\Windows\SysWOW64\wrap_oal.new

Filesize
434KB

MD5
d494267bc169604fac5e3679b9a97fed

SHA1
c093ce5a4f7dc40f7f604945bd1facfb2c805c4b

SHA256
a4e46e6d09c4b0966824a2f6628ebf738e813672692a52a0d63d982e1030ef4f

SHA512
7cfcfb570ecfa974054b5285c7d6ad3bccf502866ea70789750c3748394cb0991d1fa6dec9c50a506dbc697953663ec2605277a4451098bb8cd6699c4e506040

Download Submit
\Windows\System32\OpenAL32.new

Filesize
120KB

MD5
2ad7b4f3c8d2bb686d231edff404b7a4

SHA1
f29676b96d04bd2765925a3834d9babfdce6a0b3

SHA256
87802322c8e63555c26fe473ce234ce7099745ccb28c02766c2224c726454039

SHA512
51a6c8cfe30e34c37437e6c5f8c602aa0759b65559a82521e2dbcf8a9865b826077854acb6497df6085d67b4c66083ae5f0f192b743a4b6f77ce7b18f01bf528

Download Submit
\Windows\System32\wrap_oal.new

Filesize
455KB

MD5
549347bcd4aacd63243d78e8f869dbb1

SHA1
efc00d2a7c5acfe17b8a58023826e6840aef39a6

SHA256
5379373cf3eff41cdd8c912c65e27e1bd492bd84238d19a093aa846c9b1ce909

SHA512
c6789376d05deb8c5050225c37c023055c107a72b49afddfd3f91e7e7429d38db9346e2e5d38986c2000c3828389cfbe5d74d80423a79eebd0367bcc81137cd5

Download Submit
memory/1680-5919-0x00000000005C0000-0x00000000006F3000-memory.dmp

Filesize
1.2MB

Download
memory/1680-5918-0x0000000000030000-0x0000000000040000-memory.dmp

Filesize
64KB

Download